Vulnerabilities > IBM > Security Access Manager > 9.0.1.0

DATE CVE VULNERABILITY TITLE RISK
2018-12-13 CVE-2018-1887 Use of Hard-coded Credentials vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
local
low complexity
ibm CWE-798
4.6
4.6
2018-12-13 CVE-2018-1886 Information Exposure vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.0
5.0
2018-12-13 CVE-2018-1815 Cross-site Scripting vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3
2018-12-13 CVE-2018-1814 Inadequate Encryption Strength vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
5.0
5.0
2018-12-13 CVE-2018-1813 Unspecified vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity.
network
low complexity
ibm
4.0
4.0
2018-12-13 CVE-2018-1805 Information Exposure vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-200
4.0
4.0
2018-12-13 CVE-2018-1804 Session Fixation vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies.
network
ibm CWE-384
4.3
4.3
2018-12-13 CVE-2018-1803 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim.
network
ibm CWE-1021
4.3
4.3
2018-12-13 CVE-2018-1740 Cross-site Scripting vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-12-13 CVE-2018-1653 Cross-site Scripting vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5